Fiat Chrysler says it has a software fix to prevent hacking

24 Jul 2015 | Author: | No comments yet »

A hacked Jeep should be a wake-up call to automakers.

As major automakers continue to roll out cars with Wi-Fi features connecting the vehicles with smartphones and other devices, their innovations are likely to catch the eye of hackers as well as tech-hungry customers, opening up a new asphalt playing field in the arena of cybersecurity. “My concern is where we are heading in the future. Fiat Chrysler is offering a software patch for some of its internet-connected vehicles after a report showing hackers seizing control of a moving 2014 Jeep Cherokee.

PITTSBURGH (AP) – Chris Valasek celebrated his new-found fame as part of a two-man team that successfully hacked into a high-end Jeep Cherokee by downing a Primanti’s sandwich and a 22-ounce Iron City Light. As we head toward more automated drive systems, then the possibilities for hacking open up even more,” says Akshay Anand, an analyst with automotive research company Kelley Blue Book.

Fiat Chrysler claimed no first-hand knowledge of any of its vehicles being hacked and released a statement yesterday saying that software updates were sometimes required “for improved security protection to reduce the potential risk of unauthorised and unlawful access to vehicle systems”. As writer Andy Greenberg sped down the highway in a Jeep Cherokee, the radio started blasting hip hop, the air conditioning unexpectedly turned on, the wipers activated — and then the SUV switched itself into neutral.

The Jeep incident was the latest warning to the auto industry, which is rapidly adding Internet-connected features like WiFi and navigation that are convenient for drivers but make the car more vulnerable to outside attacks. This was swiftly followed by his music system springing into noisy life and his windscreen wipers suddenly whipping back and forth at their fastest speed. Through a flaw they discovered, Miller and Valasek gained access to the vehicle’s computer network through the wireless Uconnect system, which let them control the steering, brakes and transmission of the Jeep while the reporter was driving. Then came the worst bit by far – without him doing a thing, the Jeep’s engine died, leaving the car crawling along at a snail’s pace on a busy freeway.

The security gap was a vulnerability in vehicles featuring Uconnect, including models built from 2013-2014 by Chrysler, Dodge, Jeep and Ram, along with the 2015 Chrysler 200. The problem with the Jeep was that its manufacturer, Chrysler, didn’t follow a basic rule of security, which is to keep the parts that communicate with the outside world completely separate from the parts that control the crucial systems, such as steering and brakes. He worked at a job in Atlanta for a few years before his employer allowed him to start working from home. “They said I could move anywhere in the world, and I came back here,” Valasek, 33, told the Tribune-Review Wednesday. “I love it. Automakers are testing driverless car features as the next stage of innovation for their industry, and Anand says such technology could help hackers remotely steal a car.

I travel the world for my job, and I’m always glad to come home.” Valasek said the hack could affect as many as 420,000 Chrysler vehicles that feature the proprietary wireless entertainment and navigation system that connects to the Internet, called Uconnect. The danger to consumers stems in large part from the rapid increase of companies, including automakers, who are making connected devices without putting the same effort into cybersecurity protections for those devices.

And with a growing number of internal car functions being controlled by chips and software, the list of things that could conceivably be commandeered by hackers is steadily expanding. Some companies “are absolutely not doing it the right way,” says Jim Hunter, chief scientist at Greenwave Systems, which provides software for connected devices to companies like Verizon and IBM. “The challenge is that there are some young companies that don’t have that experience,” Hunter says. “Larger consumer electronics companies have experienced those scars of mistakes with consumers. Granted, it took Greenberg’s hackers — a pair of security researchers who warned him in advance about what they were doing — months to find a way to take over a Jeep through its entertainment system, and Chrysler has already issued a software update to plug that hole. Unsurprisingly, Fiat Chrysler, this particular vehicle’s manufacturer, has now issued a “patch” that befuddled car owners must download or beg their local dealer to do for them.

Companies put in requirements to make sure that if you are a firm that wants its device to be interoperable with a software ecosystem like a smartphone network, they will have to assure they have security safeguards.” In response to such concerns, Federal Trade Commission Chairwoman Edith Ramirez has been pushing for more privacy and cybersecurity standards in the growing Internet of Things ecosystem – a sector of devices connected to wireless signals that includes not only cars but blenders, watches, thermostats and refrigerators. Nevertheless, the incident should set off alarms throughout the industry, which still relies on protocols developed long before cars could connect electronically to other, potentially hostile devices. That ecosystem is growing, as an estimated 4.9 billion connected things will be used in 2015, up 30 percent from 2014, according to market research firm Gartner.

Security experts say there has been no concerted effort by automakers or parts suppliers to redesign internal communications channels to guard against attackers. For the Wired article, Valasek and Miller took the journalist through a bit of a freak-out moment by first controlling the radio, wipers and washer fluid on the Cherokee as he was driving on a St. Personally, I think it’s too easy when something like this happens to moan and mourn the days when you, and you alone, had control of your car, or who saw your saucy honeymoon snaps.

According to research published by Markey’s office earlier this year, only two or three of 16 studied car companies appeared to be able to detect or respond to a hack, and customers often don’t know information from their car is being collected and sent to third parties. “Federal law must provide minimum standards and safeguards that keep hackers out of drivers’ private data lanes,” Blumenthal wrote in a press statement. “Security and safety need not be sacrificed for the convenience and promise of wireless progress.” Republicans like Sen. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) introduced a bill to require the National Highway Transportation Safety Administration to develop security and privacy standards for vehicle electronics and offer ratings on how well they guard against hackers. Valasek wore a Pitt T-shirt.) By merely typing the right series of computer commands, the researchers said they could hack into these vehicles, almost anywhere they might be driving.

Although mandating a specific security approach would be a bad idea — lawmakers and regulators can’t keep pace with ever-changing technology — having the agency shepherd the industry’s efforts to identify and respond to vulnerabilities would be welcome. And putting a security grade next to the mileage estimate on a new car’s sticker would bring needed pressure on the industry to make vehicles more resistant to hackers before they hit the showroom floor. Automation, to varying degrees, has offered salvation to billions – from those of us profoundly grateful for the domestic dishwasher all the way through to the patients of doctors performing “telesurgery” – remotely operating on patients miles away.

The deal of this modern age must be that if we consumers put our faith into the hands of companies using cutting edge technology, these businesses need to meet us half way with assurances of total security. Government and industry officials are racing to add protections before techniques demonstrated by Miller, Valasek and other researchers join the standard tool kits of cybercriminals. In this battle, defensive forces have one clear strength: Connected devices run many types of software, meaning that an attack on one may not work on others. Even cars from a single manufacturer can vary dramatically from one model year to the next, hindering hackers. “They haven’t been able to weaponize it.

For instance, while I love how Google continues to push the boundaries with driverless cars and its forays into artificial intelligence, I don’t much like it when it randomly collects people’s information without their prior consent. Nor do I feel assured about putting my family photos into Apple’s iCloud soon after intimate images of Hollywood A-listers have been hacked (and no before you ask, they aren’t those kind of snaps) – even though I’m an iPhone and Mac fan. You can’t yet do it on a 100,000-car basis.” Valasek acknowledged that it has taken years of research for him and Miller to reach this point, and executing the hack still requires detailed knowledge of not only computers, but also how the vehicle software works. “If you’re concerned about someone assassinating you, then, yes, you should be concerned,” Valasek said. “Otherwise, it’s not to the point where it’s opportunistic.”

They will hack our cars, our emails and in years to come, no doubt, our thermostats, fridges, pacemakers, even airliners – anything and everything that will be connected to the so-called “internet of things”.

Here you can write a commentary on the recording "Fiat Chrysler says it has a software fix to prevent hacking".

* Required fields
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site